ibase_query causes segfault

Bug #224892 reported by Arno Peters
Affects: php-interbase (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Popa Adrian Marius

Bug Description

Binary package hint: php5-interbase

Description: Ubuntu 8.04
Release: 8.04

php5-interbase:
  Installed: 5.2.5-0ubuntu1
  Candidate: 5.2.5-0ubuntu1
  Version table:
 *** 5.2.5-0ubuntu1 0
        500 http://nl.archive.ubuntu.com hardy/universe Packages
        100 /var/lib/dpkg/status

Running the following script in php5 (in the CLI or from apache2) with the php5-interbase extension loaded consistently triggers a segfault.

<?php
$host = '/path/to/your/database.fdb';
$user = 'sysdba';
$pass = 'masterkey';

$dbh = ibase_connect($host, $user, $pass);
$sql = 'SELECT * FROM SOMETABLE WHERE SOMEKEY = ?'; // only one parameter
// Too many parameters given: two bind values for one placeholder.
// This is the call that segfaults.
$sth = ibase_query($dbh, $sql, $user, $pass);
while ($row = ibase_fetch_assoc($sth)) {
    print_r($row); // print() on an array would only output "Array"
}
ibase_free_result($sth);
ibase_close($dbh);
?>

Note that you need to adjust $host and $sql to meaningful values for your environment.

I see the following error messages in /var/log/messages:

Apr 30 21:22:51 arno kernel: [192039.261209] php[31511]: segfault at 00000008 eip b77669bc esp bfae9c90 error 4
Apr 30 21:23:15 arno kernel: [192063.399181] fb_lock_mgr[31081]: segfault at 00002d46 eip 0804dabc esp bfcc9180 error 4
Apr 30 21:24:13 arno kernel: [192121.052755] php[31548]: segfault at 00000008 eip b7ed69bc esp bfae5a40 error 4
Apr 30 21:24:55 arno kernel: [192163.208674] php[31572]: segfault at 00000008 eip b7ed79bc esp bf8de040 error 4
Apr 30 21:25:31 arno kernel: [192199.693415] php[32040]: segfault at 00000008 eip b7f539bc esp bffabf10 error 4
Apr 30 21:29:13 arno kernel: [192420.872480] fb_lock_mgr[31552]: segfault at 00002d46 eip 0804dabc esp bfd59a10 error 4

Changed in php-interbase:
assignee: nobody → mapopa
Revision history for this message
Brian Murray (brian-murray) wrote :

I'm assigning this bug report to Nobody as it is in a New state and there is no clear indication that anyone is working on fixing the bug or triaging it.

Changed in php-interbase:
assignee: mapopa → nobody
Changed in php-interbase:
assignee: nobody → mapopa
status: New → In Progress
Revision history for this message
Popa Adrian Marius (mapopa) wrote :

The bug is confirmed, but that is not the way to use a query with parameters.

Here is how I tested on my machine:

<?php
$host = '/var/lib/firebird/2.1/data/employee.fdb';
$user = 'sysdba';
$pass = 'masterkey';

$dbh = ibase_connect($host, $user, $pass);
$sql = 'SELECT * FROM EMPLOYEE WHERE JOB_COUNTRY = ?'; // only one parameter

// Too many parameters given: two bind values for one placeholder.
$sth = ibase_query($dbh, $sql, $user, $pass);
while ($row = ibase_fetch_assoc($sth)) {
    print_r($row); // print() on an array would only output "Array"
}
ibase_free_result($sth);
ibase_close($dbh);
?>

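The comment above says the reproducer passes the wrong number of bind values but does not show the correct shape of the call, and on an unpatched extension the mismatch is not a PHP-level error: the backtrace further down shows the crash inside the extension's own argument handling (_php_ibase_exec), and the kernel lines ("segfault at 00000008 ... error 4") are a user-mode read from an address just past NULL. The following is an added example, not code from the report or from the php-interbase project. It prepares the statement, asks the extension how many parameters the server actually parsed (ibase_num_params(), a stock function of the extension), and refuses to execute unless that matches the number of values supplied, so an arity mistake surfaces as an exception in PHP instead of reaching the native bind loop. The database path, credentials and the EMPLOYEE/JOB_COUNTRY names are the report's placeholders; the wrapper and its name are this example's own.

```php
<?php
// Added example (not from the original report or the php-interbase project):
// wrap ibase_prepare()/ibase_execute() with an up-front bind-arity check.
// Assumptions: database path, credentials and the EMPLOYEE table are the
// report's placeholders; ibase_num_params() is the extension's own function
// returning the parameter count of a prepared statement.

/**
 * Prepare $sql, verify that count($params) equals the number of '?'
 * placeholders the server parsed, then execute with those values.
 * Returns the result resource; throws on a mismatch or on any ibase error.
 */
function ibase_query_checked($dbh, $sql, array $params)
{
    $query = ibase_prepare($dbh, $sql);
    if ($query === false) {
        throw new RuntimeException('ibase_prepare failed: ' . ibase_errmsg());
    }

    $expected = ibase_num_params($query); // placeholders the server found
    $given    = count($params);
    if ($expected !== $given) {
        ibase_free_query($query);
        throw new InvalidArgumentException(
            "statement expects $expected bind value(s), $given supplied");
    }

    // PHP 5.2/5.3-compatible way to spread the bind values as arguments.
    $sth = call_user_func_array('ibase_execute',
                                array_merge(array($query), $params));
    if ($sth === false) {
        ibase_free_query($query);
        throw new RuntimeException('ibase_execute failed: ' . ibase_errmsg());
    }
    return $sth;
}

$host = '/path/to/your/database.fdb';
$user = 'sysdba';
$pass = 'masterkey';
$dbh  = ibase_connect($host, $user, $pass);
$sql  = 'SELECT * FROM EMPLOYEE WHERE JOB_COUNTRY = ?'; // one placeholder

// The report's call shape: two values for one placeholder. With the wrapper
// this is rejected at the arity check rather than handed to the extension.
try {
    ibase_query_checked($dbh, $sql, array($user, $pass));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Correct shape: exactly one bind value for the one placeholder. The
// credentials belong to ibase_connect() only, never to the query call.
$sth = ibase_query_checked($dbh, $sql, array('USA'));
while ($row = ibase_fetch_assoc($sth)) {
    print_r($row); // print() on an array would only output "Array"
}
ibase_free_result($sth);
ibase_close($dbh);
?>
```

The check costs one round trip per statement (the prepare), which is the price of letting the server rather than a client-side regex decide how many placeholders the SQL really contains; string literals and comments containing a question mark are then handled correctly. On releases that carry the upstream fix the mismatch is reported as an error by the extension itself, but keeping the arity check in application code means the failure mode does not depend on which build of php5-interbase is installed.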
Revision history for this message
Popa Adrian Marius (mapopa) wrote :

I have also tested with PHP 5.3:

gdb --args /opt/php5.3/bin/php

Starting program: /opt/php5.3/bin/php 009.php
[Thread debugging using libthread_db enabled]
[New Thread 0x7f693133c700 (LWP 22832)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f693133c700 (LWP 22832)]
_php_ibase_exec (ht=4, return_value=0x2082310, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1,
    ib_resultp=0x7fff3935fda0, ib_query=0x7fff3935fd40, args=0x10)
    at /home/mariuz/work/php5.3-200807140830/ext/interbase/ibase_query.c:885
885 SEPARATE_ZVAL(args[i]);
(gdb) bt
#0 _php_ibase_exec (ht=4, return_value=0x2082310, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1,
    ib_resultp=0x7fff3935fda0, ib_query=0x7fff3935fd40, args=0x10)
    at /home/mariuz/work/php5.3-200807140830/ext/interbase/ibase_query.c:885
#1 0x0000000000466202 in zif_ibase_query (ht=4, return_value=0x2082310, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at /home/mariuz/work/php5.3-200807140830/ext/interbase/ibase_query.c:1187
#2 0x00000000005898e5 in zend_do_fcall_common_helper_SPEC (execute_data=0x7f69311e5050)
    at /home/mariuz/work/php5.3-200807140830/Zend/zend_vm_execute.h:313
#3 0x00000000005745a9 in execute (op_array=0x2080dd0) at /home/mariuz/work/php5.3-200807140830/Zend/zend_vm_execute.h:104
#4 0x000000000054cf85 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/mariuz/work/php5.3-200807140830/Zend/zend.c:1198
#5 0x00000000004f9ab2 in php_execute_script (primary_file=0x7fff39362500)
    at /home/mariuz/work/php5.3-200807140830/main/main.c:2082
#6 0x00000000005c7e2e in main (argc=2, argv=0x7fff39362768) at /home/mariuz/work/php5.3-200807140830/sapi/cli/php_cli.c:1139

Revision history for this message
Popa Adrian Marius (mapopa) wrote :

Seems to be fixed in the latest 5.2 and 5.3 releases:

http://bugs.php.net/bug.php?id=45373

Changed in php-interbase:
status: In Progress → Fix Released